Forum Discussion
POC for offboarding Defender for endpoint
- Dec 11, 2021
I have talked to MDE support about this, and the answer will be that onboarding and offboarding need to (or should) be done by the same method.
So, if the device has been onboarded with Intune, it should be offboarded with Intune.
Offboarding with the local script might work (I think it has worked for us in a couple of client deployments), but success will not be guaranteed by support, and they will tell you to use the same method you used to onboard.
As for the offboard package expiring bit though, if you have integrated Intune and MDE, my understanding is that Intune should be fetching the blob info through the integration so you will not have to keep the offboarding package updated manually.
(at least this is what I got from reading the documentation)
https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure
Quote:
"The preceding screen capture shows your configuration options after you’ve configured a connection between Intune and Microsoft Defender for Endpoint. When connected, the details for the onboarding and offboarding blobs are automatically generated and transferred to Intune."